| Author |
Message |
cuberille
New Member
Joined: Feb 22, 2004
Posts: 9
Location: BC
|
 Posted:
Thu Aug 05, 2004 12:03 am |
|
So I've figured out that I in order to get Raven's 7.3 distro to not return this error message:
"You can't access this file directly..."
in each module's index.php I need to replace:
if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
die ("You can't access this file directly...");
with:
if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
die ("You can't access this file directly...");
I'm really glad it works and I don't want to sound like I'm dissin Raven, cause I have the utmost respect for all the hard work done.
But can anyone tell me why this wasn't done in the first place? Or was it meant to be that way? Have I affected the security somehow by doing this?
Any input would be appreciated. I'm still having trouble figuring out what it is I have done here.
thanks
cuberille |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Thu Aug 05, 2004 5:03 am |
|
My guess would be because you're running PHP as a CGI binary and PHP_SELF is not available. I'm not sure about this, but another possible reason is that they have blocked PHP_SELF from exposing itself. Try running phpinfo() and see if PHP_SELF is one of the variables that is populated. |
| |
|
|
|
|
cuberille
|
| Posted:
Thu Aug 05, 2004 10:26 pm |
|
Well, I've found a fix for my "Access Denied" probs.
From Only registered users can see links on this board! Get registered or login!:
| Quote: | You probably have the same problem in the admin modules.
The admin modules used to use something like this:
Code:
if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
Instead of changing all the code, you might be able to get away with adding this line to the end of the mainfile.php.
Put this on a new line just before the end of the mainfile.php ... put it on a line before the ?>
Code:
$_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF'];
EDIT: I assume you know where all the admin modules are, but just in case .. they are in the admin/modules folder. |
Running phpinfo() shows /phpinfo.php as being the variable for PHP_SELF . Can I assume that means it's not populated?
Also can you tell me why running as a CGI is a bad thing? I'ld like to forward that on to my hosting company.
As far as: | Quote: | Raven Web Hosting  |
I'ld love to, I've heard nothing but good things, but I've already paid for a year (3 weeks before I first came across your site  ). Rest assured once that's up, I will make the jump.
thanks
cuberille |
| |
|
|
|
|
orangecounty
New Member
Joined: May 06, 2005
Posts: 1
|
| Posted:
Fri May 06, 2005 9:31 am |
|
It Works
Brilliant - thanks for that it has solved my Access Denied problem. |
| |
|
|
|
|
incandescent
New Member
Joined: May 12, 2005
Posts: 1
|
| Posted:
Thu May 12, 2005 10:05 am |
|
It certainly works.
If you reverse the below:
$_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF'];
into => $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
and subsequently add it to the bottom of mainfile.php (before the ?> ).
at least, this worked for me. figures, since $_SERVER['PHP_SELF'] is not set; set it yourself. |
| |
|
|
|
|
kevindelft
New Member
Joined: Dec 04, 2005
Posts: 5
|
| Posted:
Sun Dec 04, 2005 2:14 pm |
|
What things do i have to fill in myself?
i'm sorry i am just a newbie, but when i inserted the above i' still recieved ACCESS DENIED
greetings kevin |
| |
|
|
|
|
Raven
|
| Posted:
Sun Dec 04, 2005 2:23 pm |
|
| kevindelft wrote: | What things do i have to fill in myself?
i'm sorry i am just a newbie, but when i inserted the above i' still recieved ACCESS DENIED
greetings kevin |
Have you searched the forums for Access denied? I know we have resolved all of these before  |
| |
|
|
|
|
kevindelft
|
| Posted:
Sun Dec 04, 2005 2:25 pm |
|
yes i did but i think it is very difficult can u tell me one more time what to do?
greetings Kevin |
| |
|
|
|
|
Raven
|
| Posted:
Sun Dec 04, 2005 2:37 pm |
|
|
|
|
|
kevindelft
|
| Posted:
Sun Dec 04, 2005 2:39 pm |
|
|
|
|
|
hellbent69
New Member
Joined: Apr 20, 2006
Posts: 1
|
| Posted:
Thu Apr 20, 2006 1:47 pm |
|
| cuberille wrote: | Well, I've found a fix for my "Access Denied" probs.
From Only registered users can see links on this board! Get registered or login!:
| Quote: | You probably have the same problem in the admin modules.
The admin modules used to use something like this:
Code:
if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
Instead of changing all the code, you might be able to get away with adding this line to the end of the mainfile.php.
Put this on a new line just before the end of the mainfile.php ... put it on a line before the ?>
Code:
$_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF'];
EDIT: I assume you know where all the admin modules are, but just in case .. they are in the admin/modules folder. |
Running phpinfo() shows /phpinfo.php as being the variable for PHP_SELF . Can I assume that means it's not populated?
Also can you tell me why running as a CGI is a bad thing? I'ld like to forward that on to my hosting company.
As far as: | Quote: | | Raven Web Hosting |
I'ld love to, I've heard nothing but good things, but I've already paid for a year (3 weeks before I first came across your site ). Rest assured once that's up, I will make the jump.
thanks
cuberille |
I was having the access denied issues with just about everything and the mainfile.php edit took care of them all....thanks cuberille |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
